fsfe-system-hackers/ssh-key-distributor
13
1
Fork 0
Code Issues 4 Pull Requests 3 Releases Wiki Activity
238 Commits 4 Branches 3 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Tobias Diekershoff d64b6e0af3
All checks were successful
continuous-integration/drone/push Build is passing
Details
bump inventory
2025-04-16 13:29:51 +02:00
.reuse
fix REUSE and copyright
2021-05-17 18:02:12 +02:00
admin
fix: formatting und remove deprecated function call
2023-08-17 09:53:41 +02:00
inventory @ 9dc978ce6f
bump inventory
2025-04-07 16:55:29 +02:00
LICENSES
made REUSE compliant
2021-04-03 13:38:00 +02:00
ssh-data @ e538e9d107
bump inventory
2025-04-16 13:29:51 +02:00
tasks
no changed for the backup task
2022-08-24 11:49:37 +02:00
.drone.yml
rename syncdocs pipeline
2023-01-13 13:03:11 +01:00
.gitignore
fix REUSE and copyright
2021-05-17 18:02:12 +02:00
.gitmodules
fix REUSE and copyright
2021-05-17 18:02:12 +02:00
admin.py
black
2022-08-24 18:16:14 +02:00
ansible.cfg
use inventory automatically, fix HTML syntax
2021-05-04 15:16:42 +02:00
Pipfile
fix: remove unneeded deps
2023-08-17 09:52:45 +02:00
Pipfile.license
made reuse compliant and added reuse to CI
2021-05-27 18:16:27 +02:00
Pipfile.lock
fix: remove unneeded deps
2023-08-17 09:52:45 +02:00
Pipfile.lock.license
made reuse compliant and added reuse to CI
2021-05-27 18:16:27 +02:00
playbook.yml
make ansible-lint test happy
2023-07-04 15:28:49 +02:00
README.md
Update README
2023-03-06 15:20:54 +01:00
renovate.json
update renovate to support depedency dashboard
2023-07-04 13:23:23 +02:00
renovate.json.license
fix REUSE and copyright
2021-05-17 18:02:12 +02:00
utils.py
fix REUSE and copyright
2021-05-17 18:02:12 +02:00

README.md

in docs.fsfe.org REUSE status Build Status

SSH Key Distributor

Goal

Providing a simple way to ensure the presence (or absence) of public SSH keys on a set of systems (user-host-combinations) according to profiles.

Usage

If you want to run this directly using Python or develop the tool further, first execute the following commands to get started with pipenv. Make sure you're using at least Python 3.9

pip install --user pipenv
pipenv install

then you should initialise the inventory and ssh-data submodules where all the FSFE-specific data is stored.

git submodule update --init --remote inventory
git submodule update --init --remote ssh-data

finally run to start the UI:

pipenv run python admin.py

and open http://localhost:5000/admin. There you'll find instructions on how to proceed. It boils down to the following:

  1. Configure keys and the systems to which they have access. This project uses the following concept to ease configuration:

    Systems are user-host-combinations, e.g. exampleuser@exampleserver.com. For each system the location of its authfile needs to be specified, e.g. /home/exampleuser/.ssh/authfile

    Profiles are simply a utility. They allow the user to specify which keys have access to which system in a more straightforward way than adding every key to every system individually. One can for example specify an admin group which has access to all root accounts on all hosts. Then adding a new key that is supposed to have this level of access can just be added to the admin profile.

    Keys are simply public SSH keys. They consist of a keytype (e.g. ed25519), the keystring, a comment and an option.

  2. Once everything is configured correctly, you can generate the variables that the Ansible playbook at the root of this project needs in order to carry out its function, i.e. updating all the ~/.ssh/authorized_keys files on all hosts. Generate the needed Ansible configuration files by clicking the button labelled Generate Ansible Config.

  3. At this point, All that is left to do is to deploy all the keys via a slim ansible playbook using the command below:

    ansible-playbook playbook.yml

Architecture

UI

A simple CRUD interface based on Flask Admin based on data model managed in SQLAlchemy (a powerful ORM implementation)

Database

A simple data model with three tables (key, profile, system) and two association tables (at_key_profile, at_profile_system).

Deployment

A pre-deployment python script which creates and the correct variables for each host and the contents of the keystringfiles directory. This script is called from the homepage of the UI, i.e. /admin by clicking the aforementioned button.

Description
A simple application to manage and distribute SSH keys to our systems
ansiblepythonrenovatessh
Readme 739 KiB
Languages
Python 77.7%
HTML 15.9%
CSS 6.4%